If shorewall is no longer maintained, what do people recomend instead -- it seems to be working, although I cannot integrate it with tailscale, which would be nice. On Mon, 03 Feb 2025 00:20:06 -0500, Tom Eastep wrote: > > You are correct - it is the hyphen. In these contexts, Shorewall > accepts an IP address range (<addr1>-<addr2>). A hyphen in a DNS name > is therefore being processed accordingly. > > As Shorewall is no longer maintained, that is not going to change (and > I'm not sure I would have changed it if I were still supporting the > code). The best workaround is to resolve these DNS names in the params > file and assign the result to a shell variable; then expand the shell > variable where you need to use the address(es). > > -Tom > > On 2/2/25 2:50 PM, Philip Pemberton via Shorewall-users wrote: > > On 02/02/2025 21:19, Tuomo Soini via Shorewall-users wrote: > >> Hyphen is not the issue. Issue is non-fqdn hostname, I'd guess. > >> Documentation is very clear, it advices against dns names. > >> Please read this part of documentation carefully and please, don't use > >> dns name in config. > >> > >> https://shorewall.org/manpages/shorewall-names.html#idm30 > > > > Nope, it's definitely the hyphen. I changed one of the "rules" lines to: > > > > SMTP/DNAT net loc:int-mailserver.locnet.philpem.me.uk > > > > And got a very similar error: > > > > shorewall[2924742]: ERROR: Invalid IP Address (int) /usr/share/ > > shorewall/macro.SMTP (line 12) > > shorewall[2924742]: from /etc/shorewall/rules (line 84) > > > > Note that in the error, only the part of the FQDN before the hyphen > > is shown: Shorewall is trying to resolve "int", which doesn't exist. > > > > I've read the documentation and am aware of its limitations. > > > > I only use this feature for hostnames on my own local LAN, defined > > in the router's /etc/hosts (they're served with dnsmasq). Life is > > just easier when everything is in one place. > > > > Thanks. > > > -- > Tom Eastep \ Q: What do you get when you cross a mobster > Shoreline, \ with an international standard? > Washington, USA \ A: Someone who makes you an offer you > http://shorewall.org \ can't understand > \________________________________________ > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
